CVE-2026-7602

MEDIUM 6.3

JeecgBoot FillRuleUtil edit improper authorization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.

CWE	CWE-285 CWE-266
Vendor	n/a
Product	jeecgboot
Published	May 2, 2026

Stay Ahead of the Next One

Get instant alerts for n/a jeecgboot

Be the first to know when new medium vulnerabilities affecting n/a jeecgboot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / JeecgBoot

3.9.0 3.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/360559 vuldb.com: https://vuldb.com/vuln/360559/cti vuldb.com: https://vuldb.com/submit/805706 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9552 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9552#issuecomment-4251391314 github.com: https://github.com/jeecgboot/JeecgBoot/

Credits

🔍 Ana10gy (VulDB User) VulDB CNA Team